OT004 – AEWIN Trusted Secure Boot module


Hardware platforms are getting more and more complex, and as a side effect firmware has been given more functionality and controls more of the system than before. It is therefore essential to maintain the integrity of the on-board firmware to ensure the security of the data passing through the system. AEWIN is experienced in maintaining system integrity from its prior work as an ODM for specialized sectors.

Today we’ll take a deeper look at the OT004 module we launched last year. It is the first link in the root-of-trust security chain we devised to increase firmware resiliency. OT004 is a self-contained module, isolated from the rest of the system to reduce the possible attack surface. It is equipped with an FPGA running the AEWIN Trusted Secure Boot firmware. The on-board logic identifies and authenticates the firmware inside the system. If an anomaly is found, it can either perform automated firmware recovery or hold the boot sequence and alert the system administrators. The default behavior is programmable and can be adjusted by the administrator during setup of the module.

To prevent tampering, the golden image stored on-board is locked against changes. Unless the module itself is updated, any firmware update or unauthorized change will be overwritten and the firmware restored to the previously known good state. Several layers of security and algorithms prevent an attacker from brute-forcing the module to compromise the system, and the same layers protect the module itself from attacks and unauthorized updates.

To support the wide range of AEWIN platforms, the OT004 module has been split into 3 different SKUs: OT004A, OT004B, and OT004C. OT004A is specifically designed for systems with an on-board BMC, such as the SCB-1927 and SCB-1928, AEWIN’s Intel Purley platforms with on-board BMC. With an on-board BMC, the root of trust starts at verification of the BMC firmware, which then verifies the BIOS image. The chain continues until the OS boots, at which point the OS can verify the operation of the AEWIN Trusted Secure Boot module to complete the chain of trust.

OT004B and OT004C are designed for Intel and AMD systems respectively and provide the root-of-trust function starting at the BIOS. They are designed primarily for systems without an on-board BMC. Because the firmware and hardware architectures of the two platforms differ slightly, a separate SKU was required for each. For example, the SCB-1826 supports the OT004B, and the SCB-1833 supports the OT004C. Please let us know if you have any questions or comments about integrating firmware security into your next AEWIN devices. Our friendly sales team can help you secure your next AEWIN platform.
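The verify-then-recover-or-hold behaviour described above, and the way the chain order differs between a BMC-first platform and a BIOS-first one, can be modelled in a few lines. The following is an added illustration written for this page; it is not AEWIN's firmware or FPGA logic. The image bytes, stage names and the "recover"/"hold" policy strings are all constructed for the example, and a real module would verify a signature over the image rather than a bare digest.

```python
"""Toy model of a firmware root of trust: verify each stage against a locked
golden image, then either restore the golden copy or hold the boot and alert.
Added illustration only; all names and image bytes below are constructed."""
import hashlib
import hmac
from dataclasses import dataclass, field
from types import MappingProxyType
from typing import List, Mapping, Tuple


def sha256(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


@dataclass(frozen=True)
class GoldenImage:
    """Known-good image and its digest; frozen=True models the locked on-board copy."""
    stage: str
    image: bytes
    digest: bytes

    @classmethod
    def lock(cls, stage: str, image: bytes) -> "GoldenImage":
        return cls(stage, image, sha256(image))


@dataclass
class RootOfTrust:
    golden: Mapping[str, GoldenImage]   # read-only view of the golden images
    policy: str = "recover"             # "recover" or "hold", chosen at module setup
    alerts: List[str] = field(default_factory=list)

    def verify(self, stage: str, candidate: bytes) -> bool:
        """Constant-time comparison of the candidate digest with the golden digest."""
        return hmac.compare_digest(sha256(candidate), self.golden[stage].digest)

    def boot(self, chain: List[Tuple[str, bytes]]) -> List[Tuple[str, str]]:
        """Walk the chain in order; each stage is checked before it may run.
        On a mismatch the golden copy is restored, or the boot is held and an alert raised."""
        log: List[Tuple[str, str]] = []
        for stage, candidate in chain:
            if self.verify(stage, candidate):
                log.append((stage, "ok"))
                continue
            self.alerts.append(f"{stage}: digest mismatch")
            if self.policy == "recover":
                candidate = self.golden[stage].image   # overwrite with the known-good image
                log.append((stage, "recovered"))
            else:
                log.append((stage, "held"))            # stop here; no later stage runs
                break
        return log


# Constructed sample images standing in for real BMC / BIOS firmware.
GOLDEN: Mapping[str, GoldenImage] = MappingProxyType({
    "BMC": GoldenImage.lock("BMC", b"constructed BMC image v1"),
    "BIOS": GoldenImage.lock("BIOS", b"constructed BIOS image v1"),
})
TAMPERED_BIOS = b"constructed BIOS image v1 + unauthorized patch"


def golden_is_locked() -> bool:
    """True when both the golden mapping and a golden entry reject modification."""
    try:
        GOLDEN["BIOS"] = GoldenImage.lock("BIOS", TAMPERED_BIOS)  # type: ignore[index]
        return False
    except TypeError:          # mappingproxy does not support item assignment
        pass
    try:
        GOLDEN["BIOS"].image = TAMPERED_BIOS  # type: ignore[misc]
        return False
    except AttributeError:     # dataclasses.FrozenInstanceError is an AttributeError
        return True


def demo(policy: str, with_bmc: bool) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Boot a chain whose BIOS image has been modified without authorization.
    with_bmc=True models a BMC-first chain (OT004A-style platforms),
    False a BIOS-first chain (OT004B/C-style platforms)."""
    rot = RootOfTrust(GOLDEN, policy=policy)
    chain: List[Tuple[str, bytes]] = [("BIOS", TAMPERED_BIOS)]
    if with_bmc:
        chain.insert(0, ("BMC", GOLDEN["BMC"].image))
    return rot.boot(chain), rot.alerts


if __name__ == "__main__":
    print(demo("recover", True))   # BMC ok, BIOS recovered from the golden copy
    print(demo("hold", False))     # BIOS held, administrator alerted
```

The two policies map onto the module's programmable default: with "recover" the boot continues on the restored image, with "hold" the chain stops at the first failed stage and nothing after it executes, leaving the alert for the administrator to act on.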

Images: Trusted Secure Boot Module; TSB pin header